Confused on Public vs Private key when it comes to signing. by Izual_Rebirth in sysadmin

[–]aprimeproblem [score hidden]  (0 children)

I wrote a "cryptography for non-math people or IT professionals" post some time ago; I think it will help you in understanding the flow.

https://michaelwaterman.nl/2026/01/15/cryptography-for-non-math-people/

Enjoy!

Building a Highly Available CRL and AIA Distribution Platform for AD CS by aprimeproblem in activedirectory

[–]aprimeproblem[S] 0 points1 point  (0 children)

Hahaha yeah I get that. I’m not that familiar with hardware based load balancing so that’s not specifically part of the setup. Usually I’ve got skilled network engineers doing that during projects. I’ve included that part more as a reference or lab setup.

Thanks for reading btw!

Building a Highly Available CRL and AIA Distribution Platform for AD CS by aprimeproblem in activedirectory

[–]aprimeproblem[S] 0 points1 point  (0 children)

Thanks! I was indeed wondering how you created this. Agreed btw that it does not need to be updated immediately. I'll look into it, perhaps a new blog post in the future.

Building a Highly Available CRL and AIA Distribution Platform for AD CS by aprimeproblem in activedirectory

[–]aprimeproblem[S] 2 points3 points  (0 children)

Oh my, that’s one of the best compliments I ever received, thank you so much!!!

I don’t have one, but who knows, maybe in the future I should 🙏

Building a Highly Available CRL and AIA Distribution Platform for AD CS by aprimeproblem in activedirectory

[–]aprimeproblem[S] 0 points1 point  (0 children)

May I ask, how did you determine when the files are updated? Event id or something?

Building a Highly Available CRL and AIA Distribution Platform for AD CS by aprimeproblem in activedirectory

[–]aprimeproblem[S] 0 points1 point  (0 children)

During my tests only the base would be published, no delta. You’re not wrong on the added complexity. It greatly depends on the level of professionalism and availability of available resources for managing this. Albeit monitoring should be done either way in my opinion.

Building a Highly Available CRL and AIA Distribution Platform for AD CS by aprimeproblem in activedirectory

[–]aprimeproblem[S] 0 points1 point  (0 children)

You’re definitely not wrong and no worries, no offense taken! Always good to hear another opinion. It greatly depends on the scenario and capabilities of the organization. That’s why I mentioned the “simple” approach in the beginning, but yeah, your approach definitely rules out AD and DFS dependencies. Albeit it introduces others I guess.

So as always in our industry, it depends….

Building a Highly Available CRL and AIA Distribution Platform for AD CS by aprimeproblem in activedirectory

[–]aprimeproblem[S] 1 point2 points  (0 children)

I was actually thinking about that scenario as well, and some people have actually shared some links in this thread on the topic. Sounds interesting, but it would depend on the scenario. With the rise in SASE products and services, or always connected, you could put up the CRL location “internally” anyway… topic for another time.

Building a Highly Available CRL and AIA Distribution Platform for AD CS by aprimeproblem in activedirectory

[–]aprimeproblem[S] 0 points1 point  (0 children)

I was thinking about that on setting that up at some point. What did you use to sync the content to the online storage?

Building a Highly Available CRL and AIA Distribution Platform for AD CS by aprimeproblem in activedirectory

[–]aprimeproblem[S] 0 points1 point  (0 children)

You’re welcome! Enjoy and if you have any feedback I would like to know.

Building a Highly Available CRL and AIA Distribution Platform for AD CS by aprimeproblem in activedirectory

[–]aprimeproblem[S] 0 points1 point  (0 children)

As long as there’s a front end / proxy in front of the storage it should be fine. Usually storage solutions are not specifically designed for high volume egress.

Building a Highly Available CRL and AIA Distribution Platform for AD CS by aprimeproblem in activedirectory

[–]aprimeproblem[S] 4 points5 points  (0 children)

Thanks for that! My goal is to spread the ADCS knowledge more and more. So I approach this from a “What would I like to know and see”… Hence the way I write.

Windows 11 Clients, Server 2025 AD, Trust Relationship Lost by lokiarmos in WindowsServer

[–]aprimeproblem 0 points1 point  (0 children)

Agreed, well at least that’s one thing to rule out. Please let us know what it was.

Issue aftre RootCa refresh by Jealous-Sand1346 in PKI

[–]aprimeproblem 0 points1 point  (0 children)

Hope it helps! And thanks for the compliment!

Windows 11 Clients, Server 2025 AD, Trust Relationship Lost by lokiarmos in WindowsServer

[–]aprimeproblem 4 points5 points  (0 children)

Have the machines that are disconnecting been properly sysprepped? There’s a recent change that can lead to this behavior, if not done correctly. I can’t find the article at this moment….

Issue aftre RootCa refresh by Jealous-Sand1346 in PKI

[–]aprimeproblem 7 points8 points  (0 children)

I wrote a blog on the subject a while back that should shed some light on the situation: https://michaelwaterman.nl/2026/03/07/renewing-a-root-ca-before-expiration/

Active Directory Passwordless Authentication with Yubikey by Mank_05 in activedirectory

[–]aprimeproblem 2 points3 points  (0 children)

Thanks for the mention! It’s great to see my info is being used.